h1.toc-heading-western Server 5 4.3. TOR(The Onion Router)

h1.toc-heading-western { color: rgb(46, 116, 181); font-family: “Calibri Light”, serif; font-size: 16pt; font-weight: normal; }h1.toc-heading-cjk { color: rgb(46, 116, 181); font-size: 16pt; font-weight: normal; }h1.toc-heading-ctl { color: rgb(46, 116, 181); font-size: 16pt; font-weight: normal; }h3 { margin-top: 0.03in; margin-bottom: 0in; direction: ltr; color: rgb(0, 0, 10); line-height: 108%; text-align: left; page-break-inside: avoid; }h3.western { font-family: “Times New Roman”, serif; font-size: 12pt; }h3.cjk { font-size: 12pt; }h3.ctl { font-size: 12pt; font-weight: normal; }h2 { margin-top: 0.03in; margin-bottom: 0in; direction: ltr; color: rgb(0, 0, 10); line-height: 108%; text-align: left; page-break-inside: avoid; }h2.western { font-family: “Times New Roman”, serif; font-size: 12pt; }h2.cjk { font-size: 12pt; }h2.ctl { font-size: 13pt; font-weight: normal; }h1 { margin-bottom: 0in; direction: ltr; color: rgb(0, 0, 10); line-height: 108%; text-align: left; page-break-inside: avoid; }h1.western { font-family: “Times New Roman”, serif; font-size: 12pt; }h1.cjk { font-size: 12pt; }h1.ctl { font-size: 16pt; font-weight: normal; }p { margin-bottom: 0.08in; direction: ltr; color: rgb(0, 0, 10); line-height: 108%; text-align: left; }p.western { font-family: “Calibri”, serif; font-size: 11pt; }p.cjk { font-family: “Calibri”; font-size: 11pt; }p.ctl { font-size: 11pt; }

UNIVERSITY
OF SCIENCE AND TECHNOLOGY

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

CYBER
SECURITY

Subject:
Internet Anonymity
Name
– Surname: Hasret GÜLEÇ
No:
301930

Index

1. What
Is the Anonymity? 3
2. Why
Do We Need That? 3
3. How
can They Follow Us? 3
3.1. IP
Addresses 3
3.2. HTTP
Referrer 4
3.3. Cookies
& Tracking Scripts 4
3.4. Super
Cookies 4
3.5. User
Agent 4
3.6. Browser
Fingerprinting 4
4. How
can We Protect? 5
4.1. VPN(Virtual
Private Network) 5
4.2. Creating
Own VPN Server 5
4.3. TOR(The
Onion Router) 6

4.3.1. How
does TOR work? 6

4.3.2. Sorts
of Relays 6
4.4. I2P 9

4.4.1. How
does I2P work? 9
5. Conclusion 11

What Is the Anonymity?

Anonymity
means that the real author of a message or packet is not shown or
very difficult to find
the author of a message. If we provide those two definiton,that means
we provide the anonymity on the internet;
Unidentifiability
;
third person cannot identify any individual person who using internet
Unlinkability
;
third person cannot link an person to a specific message or action
Anonymity
is not a thing which was invented with the Internet. Before the
web,people were using aliases for being anonymous,it calls pseudonym.
However,
being anonymous on the internet is never %100,there is always a
possibility to find out who is guessing who it is.

Why Do We Need That?

There
are several reasons for that. For example;

People
in a country with a repressive political regime might use anonymity
to get rid of persecution for their political ideas,even in
democratic countries.

People
are more equal in anonymous discussions. There are not any factors
that can effect their discussion like status,gender etc..

Anti-Cencorship

Ofcourse
privacy. Some people just want it for their privacy.

How can They Follow Us?

IP Addresses

The
most basic way of identifying person is by user’s IP address. From
user’s IP address,a website can determine user’s rough
geographical location – user’s city or area -. However,IP addresses
can change and are often used by multiple users,so they are not a
good way of tracking a single user every time. Still,an IP address
can be combined with different techniques here to trace your
geographical location.

HTTP Referrer

When
user’s browser redirect the user,browser loads the web page you
clicked and have the knowledge regarding the web site wherever you
came from.This data is contained in the HTTP referrer header.

Cookies & Tracking Scripts

Cookies
are small pieces of information websites can store in your browser.
When user sign into a online-banking website,a cookie remembers
informations for login. When user change a setting on a website,a
cookie stores that setting so it will persist across page loads an
sessions.
Cookies
may also track user’s browsing activity. Some websites wish to
understand what pages users visit.

Super Cookies

Users
can clear browser’s cookies.However,it isn’t a 100% solution. Super
cookie’s datas can store in multiple places for instance,in Flash
cookies, Silverlight storage,browsing history and HTML5 native
storage.
When
a web site notices that you have deleted part of the super cookie,the
information copy from the other location. For instance,you might
clear your browser cookies and not your Flash cookies,so the website
will copy the value of the Flash cookie to your browser cookies.

User
Agent

Browser
also sends a user agent every time you connect to a website. This
tells websites your browser and operating system’s
information for example, which device you are using,which version of
browser and what it is name. While using this information attackers
can find exploit easiliy using Google. After that,there is only thing
that user can do is watch how can attackers steal informations fast.

Browser
Fingerprinting

Websites
can determine user’s operating system,browser version,installed
plug-ins and their versions,operating system’s screen
resolution,installed fonts,time zone etc.

There
is a website called Panopticlick can check user’s browser’s and
system’s trackability ;
https://panopticlick.eff.org/

They
are the basic way of logging systems. Every big systems have logging
server. They can log every action,sendig request to http,ftp,smtp,ssh
etc.

How
can We Protect?

There
are several ways to protect from tracking/being anonym on the
internet. However,there is not
certain way to do it.

Users
can set the cookies setting on the browser that they use like ;
“Only keep cookies until I close my browser” or close all of it.
Close all of it might not be good solution because some websites
don’t allow the users which don’t accept the cookies.

Disable
Flash and all other kind of “Super Cookies”

Use
the extensions on the browsers to control 3rd
party sites can include content in user’s page or run code in
user’s browser

Use
Tor to hide user’s IP address and other browser characteristics
when user want maximum browser privacy

VPN(Virtual
Private Network)

Virtual
Private Network is a service that permits you to connect to the web
via a server run by a VPN provider. All information traveling between
user’s device and this “VPN Server” is securely encrypted.
Normally,When
you connect to the web you first connet to your ISP(Internet Service
Provider),then you connect to other sites. The ISP can read all the
information that between you and the website. When using VPN, the ISP
can view only the access that you connect to the VPN,because you
connect to other sites after the VPN and the connection between you
and VPN server is encrypted and also it is safe to use public Wifi
hotspot,thanks to encrypted connection. Even if a hacker somehow
manages your data,the data safe because it is encrypted.
Of
course your VPN provider can know what do you do on the internet.
However,you can create your own VPN server.

Creating
Own VPN Server

The
VPN provide secure access to your home network from everyplace or you
can use it for

using
Poland version of Netflix when traveling outside the Poland.
There
are many solutions to do that.First one is getting a router which may
act like VPN. Home routers often come with built-in VPN servers,you
should simply check it if it has. You can then activate and configure
the VPN server by using setting of router.

Second
option is creating your own VPN server. You need just a computer or
device that is on all the time,not a device that turn off when you
arenot at there.
Third
choice is installing third-party VPN server’s application like
OpenVPN or OperaVPN. VPN servers are avaible for each operating
systems. You need the just configure your ports or most of the
applications do that by themselves.

Another
option is hosting your own VPN server with a web hosting provider.
After rent a server hosting you can install a VPN server on the
server which they have give to you. Internet bandwidth and machine’s
power can be change according to which packet that you choose.

It
doesn’t matter whatever solution is chosen,there is only one fact
that,users should set the authentication and updates
carefully.Otherwise, hackers or another users can track the vpn
servers easily.

TOR(The
Onion Router)

Tor
is an anonymity tool used by the those who want to stay private when
surfing on the internet. It provides security,stability and speed. It
has many different sponsors.Tor can help the users for being
anonymous and also host their websites by using “hidden services”
capabilities which mean sites can only be accessed by user on the Tor
network. It is call “Dark Web”.

How
does TOR work?

Tor
works by bouncing connections from user’s pc to destinations (for
instance agh.edu.pl) by using several of intermediate computers or
relays. Nowadays, there are about 6000 relays managing the traffic at
the Tor arrange. A large portion of the relays do not have special
hardware or computer code to do it. They simply have the Tor software
configured to act as a relay. On the off chance that there are more
transfers to pick from,it will be harder to trace anyone.

Sorts
of Relays

Guard
Relay : This the entrance for the Tor network.

Middle
Relay : Middle points transport activity from the guard relay to the
exit point.
Exit
Relay : Exit point at the Tor network. They send traffic to the final
point.

<<---Connection set up Connection ---->>

>

For
efficiency,the Tor network uses the same path for connections at
intervals a similar 10 minutes.Later requests are given a replacement
circuit to keep away people from linking your earlier actions to the
new ones.

The
Tor network can not solve all anonymity problems. It focuses only
protective the information transfer. Users have to use different
softwares if they don’t want the sites user visit to see user’s
information like identfy.If the attackers watch the traffic coming
out of your computer,and also going out, they can use statistical
analysis to find out that which web sites that you visit or who
arrive email from you.

I2P

I2P
is a open source project and it is a anonymous P2P(Peer to Peer)
network. It provides to user security layers which may connect each
other. The users can use email services,surfing,connecting the blogs
and forums,publish websites and instant message in the this layers.
All the informations encrypt with layers and transfer by tunnels.
Tunnel is the most important topic in the I2P.

There
are two types of tunnels in the I2P. First one is “outbond” and
other one is “inbound”.

How
does I2P work?

The
network created of a set of nodes with a number of undirectional
inbound and outbound tunnels. Each router has a cryptographic
identify. These routers communicate with each other with using
existing protocols(TCP,UDP etc..). Client applications have different
cryptographic identifier that enable to send and receive packets.
These users may connect to every router and authorize the temporary
allocation(“lease”) of some tunnels that will be used for
receiving and sending packets using the network.I2P has its own
internal network database for distribute route and deliver packets
securely..

In
the picture,Alice,Bob,Charlie and Dave are all running routers with
a single path on their local router. Each of them have 2-hop inbound
tunnels per route.When Alice and Bob communicate to each other,Alice
sends packet out one of her outbound tunnels through to one of Bob’s
inbound tunnels. This informations keep on the database.
If
Bob wants to send back packet to Alice,he just goes through the same
path,send a packet out one of his outbound tunnels through one of
Alice’s inbound tunnels.
There
isn’t any central mechanism to keep statistics of performance and
reliability of routers within the network. The network itself makes
use of a significant number of cryptographic techniques and
algorithms such a 2048bit ElGamal encryption,256bit AES with PKCS#5
padding,1024bit DSA signatures,SHA256 hashes,2048bit D?ffie-Hellman
negotiated connections with point to point authentication and
ElGamal/ AES+SessionTag.

End-to-end
encryption was removed in I2P’s earlier version;end-to-end encryption
from Alice’s router “a” to Bob’s router “h”
remins. All packets from a to h is end-to-end encrypted,but the I2CP
connection between the I2P router and the applications isn’t
end-to-end encrypted! A and h are the routers of Alice and Bob,while
Alice and Bob in following graph are the applications running on of
I2P.

Tor
provides one with better anonymous access to the open internet and
I2P supply one with a more powerful and trustable “network with
internet”. Both of them provide cryptographically sound methods
to anonymously access data and connect online world.In every case,
ISP can trace the user .In order to hide this knowledge,users should
use VPN service to hide their entry point the internet or Tor/I2P
networks.

Conclusion

With
the increasing of number of Internet users,we are faced with several
threats against user’s privacy. All widely-used Internet services
and protocols transfer a lot critical data.With analyzing these
data,firms can generate user’s profile.There is no way to hide
yourself in the internet %100.However,there are some tips that user
can do for reducing the risk. VPN is the main one,after that user may
use TOR/I2P for the anonymity but they always have to be careful
about the websites,cookies,http referrer,ip addresses and the
vulnerability king of internet ; flash.

References

http://www.cezerisga.com/makale/%C4%B0nternette%20G%C3%B6r%C3%BCnmez%20Olmak%20%C4%B0%C3%A7in%2010%20Gizlilik%20Uygulamas%C4%B1

https://www.ivpn.net/privacy-guides/an-introduction-to-tor-vs-i2p

https://geti2p.net/tr/docs/how/intro

https://www.bestvpn.com/i2p-idiots-introduction/

https://www.torproject.org

https://geti2p.net/en/docs/how/intro

https://internet-anonymity.com/

https://people.dsv.su.se/~jpalme/society/anonymity.html

x

Hi!
I'm Alfred!

Would you like to get a custom essay? How about receiving a customized one?

Check it out